| /* SPDX-License-Identifier: GPL-2.0-only */ |
| |
| #ifndef _CBFS_GLUE_H_ |
| #define _CBFS_GLUE_H_ |
| |
| #include <commonlib/region.h> |
| #include <console/console.h> |
| #include <security/vboot/misc.h> |
| |
| /* |
| * This flag prevents linking hashing functions into stages where they're not required. We don't |
| * need them at all if verification is disabled. If verification is enabled without TOCTOU |
| * safety, we only need to verify the metadata hash in the initial stage and can assume it stays |
| * valid in later stages. If TOCTOU safety is required, we may need them in every stage to |
| * reverify metadata that had to be reloaded from flash (e.g. because it didn't fit the mcache). |
| * Moreover, if VBOOT_CBFS_INTEGRATION and verification are both enabled, then hashing functions |
| * are required during verification stage. |
| * Note that this only concerns metadata hashing -- file access functions may still link hashing |
| * routines independently for file data hashing. |
| */ |
| #define CBFS_ENABLE_HASHING (CONFIG(CBFS_VERIFICATION) && \ |
| (CONFIG(TOCTOU_SAFETY) || ENV_INITIAL_STAGE || \ |
| (CONFIG(VBOOT_CBFS_INTEGRATION) && \ |
| (verification_should_run() || \ |
| (verstage_should_load() && \ |
| CONFIG(VBOOT_RETURN_FROM_VERSTAGE)))))) |
| #define CBFS_HASH_HWCRYPTO vboot_hwcrypto_allowed() |
| |
| #define ERROR(...) printk(BIOS_ERR, "CBFS ERROR: " __VA_ARGS__) |
| #define LOG(...) printk(BIOS_INFO, "CBFS: " __VA_ARGS__) |
| #define DEBUG(...) do { \ |
| if (CONFIG(DEBUG_CBFS)) \ |
| printk(BIOS_SPEW, "CBFS DEBUG: " __VA_ARGS__); \ |
| } while (0) |
| |
| typedef const struct region_device *cbfs_dev_t; |
| |
| static inline ssize_t cbfs_dev_read(cbfs_dev_t dev, void *buffer, size_t offset, size_t size) |
| { |
| return rdev_readat(dev, buffer, offset, size); |
| } |
| |
| static inline size_t cbfs_dev_size(cbfs_dev_t dev) |
| { |
| return region_device_sz(dev); |
| } |
| |
| #endif /* _CBFS_GLUE_H_ */ |